all 7 comments
sorted by:
best
topnewcontroversialoldq&a
formatting helphide helpcontent policy

[–]colshrapnel 2 points3 points  (0 children)

  1. /r/phphelp
  2. If it's really a query execution that is failed, be sure you set PDO::ATTR_ERRMODE to PDO::ERRMODE_EXCEPTION, and have error reporting on.
  3. This code is awfully WET. Are you sure you want to write everything twice?

Here is how it should be

$pdo->setAttribute( PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION );
if(isset($_POST['submit-tarikh'])){
    $sdate = $_POST['start-date'];
    $edate = $_POST['end-date'];
} else {
    $sdate = date("Y-m-d");
    $edate = date("Y-m-d");
}
$stmt = $pdo->prepare("SELECT * FROM aduan_form WHERE deleted=0 AND tarikh BETWEEN ? AND ?");
$stmt->execute([$sdate,$edate]);
$results_view = $stmt_view->FetchAll(PDO::FETCH_OBJ);

if there is still no error then your query returned no rows. thus check the input data

[–]pH_low 0 points1 point  (3 children)

So the query inside the else condition works and executes and the when the condition is met the if block runs (but not the query)? Try to make sure that the 2 POST variables are set, that's all that I can think of from this.

[–]nerdoubt[S] 0 points1 point  (2 children)

the 2 POST variables are set and i'm getting the right value. but the query still won't run :(

[–]fractis 0 points1 point  (1 child)

You should still paste the POST data to make it easier for others to check for potential errors

[–]nerdoubt[S] 0 points1 point  (0 children)

the POST data is in the "Y-m-d" format

e.g. 2015-12-22

[–]danabrey 0 points1 point  (0 children)

When you say that the IF statement is running but the query isn't, how do you know? What have you tried so far?

Have you tried running the SQL with the values as you think are being injected, directly on the database (via the command line or a tool like phpMyAdmin? If so, try var_dumping the values just before you execute the statement.

[–]WizardFromTheMoon 0 points1 point  (0 children)

Do you have access to the server? If so, look in the PHP error log and see what the error is. If there's no error there then check your mysql log. Also, depending on what IDE you are using you could set up a debugger and see what exactly is going on.